Movatterモバイル変換


[0]ホーム

URL:


Skip to content
DEV Community
Log in Create account

DEV Community

AWS Community Builders  profile imageRevathi Joshi
Revathi Joshi forAWS Community Builders

Posted on

     

How to fix a Terraform Cycle Error

What are Cycle errors?

Cycle errors are instances of circular logic in the Terraform dependency tree. Terraform analyzes the dependencies between resources in your infrastructure configuration to determine the order to perform your operations.

In this article, I am going to show you how Cycle error occurs whenaws_security_group resources reference one another in their security_groups attributes. AWS cannot create the security groups because their configurations each reference the other group, which would not exist yet.

How to fix the Cycle error?

  • The fix for this Cycle error is to remove the mutually dependent security group rules in your configuration, leaving the two group resources without ingress attributes.
  • Instead of including the rules in the aws_security_group configuration, use theaws_security_group_rule resource and reference the security group IDs instead.
  • This avoids a cycle error because the provider will have AWS create both of the aws_security_group resources first, without interdependent rules.
  • It will create the rules next, and attach the rules to the groups last.

Please visit myGitHub Repository for Terraform articles on various topics being updated on constant basis.

Let’s get started!

Objectives:

1. Login to AWS Management Console

2. Create infrastructure for resources block

3. Underterraform_files resources directory - Create 4 files -main.tf,variables.tf,outputs.tf andterrafprm.tfvars.

4. Initialize Your Working Directory

5. Fix the Cycle Error

6. Deploy Your Resources

Pre-requisites:

  • AWS user account with admin access, not a root account.
  • Cloud9 IDE with AWS CLI.

Resources Used:

Terraform documentation.
Terraform documentation for AMI.
Troubleshoot Terraform - Correct a cycle error
learn-terraform-troubleshooting

Steps for implementation to this project:

1. Login to AWS Management Console

  • Make sure you're in the N. Virginia (us-east-1) region

2. Create infrastructure for resources block

  • Let’s create the following organizational structure as shown below.

Image description

3. Underterraform_files resources directory - Create 4 files -main.tf,variables.tf,outputs.tf andterrafprm.tfvars.

  • 1. main.tf

  • substitute vpc_id with your own VPC

terraform {  required_providers {    aws = {      source  = "hashicorp/aws"      version = "~> 4.23"    }  }  required_version = ">= 0.14.9"}provider "aws" {  region  = var.region}data "aws_ami" "linux" {   most_recent = true   owners      = ["amazon"]  filter {    name   = "name"    values = ["amzn2-ami-hvm-*-x86_64-gp2"]  }  filter {    name   = "virtualization-type"    values = ["hvm"]  }}resource "aws_instance" "web_app" {  for_each               = local.security_groups  ami           = data.aws_ami.linux.id  availability_zone = var.az_1a  instance_type = var.instance_type  vpc_security_group_ids = [each.value]  user_data              = <<-EOF              #!/bin/bash              echo "Hello, World" > index.html              nohup busybox httpd -f -p 8080 &              EOF  tags = {    Name = "${var.name}-mywebapp-${each.key}"  }} resource "aws_security_group" "sg_ping" {   name = "Allow Ping"   vpc_id = "<DUMMY VALUE>"  ingress {    from_port       = -1    to_port         = -1    protocol        = "icmp"    security_groups = [aws_security_group.sg_8080.id]  }} resource "aws_security_group" "sg_8080" {   name = "Allow 8080"   vpc_id = "<DUMMY VALUE>"  ingress {    from_port       = 8080    to_port         = 8080    protocol        = "tcp"    security_groups = [aws_security_group.sg_ping.id]  }}locals {  security_groups = {    sg_ping   = aws_security_group.sg_ping.id,    sg_8080   = aws_security_group.sg_8080.id,  }
Enter fullscreen modeExit fullscreen mode
  • 2. variables.tf
variable "region" {  description = "region"}variable "name" {  description = "Value of the Name tag for the EC2 instance"}variable "az_1a" {  description = "availability zone 1"  type        = string  default     = "us-east-1a"}variable "instance_type" {  description = "Value of the Name tag for the EC2 instance type"  type        = string  default     = "t2.micro"}
Enter fullscreen modeExit fullscreen mode
  • 3. outputs.tf
output "instance_id" {  description = "ID of the EC2 instance"  value       = [for instance in aws_instance.web_app: instance.id]}output "instance_public_ip" {  description = "Public IP address of the EC2 instance"  value       = [for instance in aws_instance.web_app: instance.public_ip]}output "instance_name" {  description = "Tags of the EC2 instance"  value       = [for instance in aws_instance.web_app: instance.tags.Name]}
Enter fullscreen modeExit fullscreen mode
  • 4. terrafprm.tfvars
name = "rev"region = "us-east-1"
Enter fullscreen modeExit fullscreen mode

4. Initialize Your Working Directory

cd terraform_files
Enter fullscreen modeExit fullscreen mode
  • Terraform format
terraform fmt
Enter fullscreen modeExit fullscreen mode

Image description

  • Initiate the working directory
terraform init
Enter fullscreen modeExit fullscreen mode

Image description

  • Validate the configuration
terraform validate
Enter fullscreen modeExit fullscreen mode
  • get a cycle error for the security groups sg_8080 and sg_ping.

Image description

  • This cycle error you get due to the security groups co-dependent on each other, expecting the other to be already created and must both exist at the same time for successful creation.

5. Fix the Cycle Error

  • inmain.tf - delete the ingress sections from the sg_ping and sg_8080 resource blocks.

  • Beneath the resource block of sg_ping, create a separate security group rule of type ingress named allow_ping

resource "aws_security_group_rule" "allow_ping"  {     type = "ingress"     from_port = -1     to_port = -1     protocol = "icmp"     security_group_id = aws_security_group.sg_ping.id     source_security_group_id = aws_security_group.sg_8080.id}
Enter fullscreen modeExit fullscreen mode
  • Beneath the resource block of sg_8080, Create another security group rule of type ingress named allow_8080
resource "aws_security_group_rule" "allow_8080" {     type = "ingress"     from_port = 8080     to_port = 8080     protocol = "tcp"     security_group_id = aws_security_group.sg_8080.id     source_security_group_id = aws_security_group.sg_ping.id}
Enter fullscreen modeExit fullscreen mode
  • main.tf looks like this
terraform {  required_providers {    aws = {      source  = "hashicorp/aws"      version = "~> 4.23"    }  }  required_version = ">= 0.14.9"}provider "aws" {  region = var.region}data "aws_ami" "linux" {  most_recent = true  owners      = ["amazon"]  filter {    name   = "name"    values = ["amzn2-ami-hvm-*-x86_64-gp2"]  }  filter {    name   = "virtualization-type"    values = ["hvm"]  }}resource "aws_instance" "web_app" {  for_each               = local.security_groups  ami                    = data.aws_ami.linux.id  availability_zone      = var.az_1a  instance_type          = var.instance_type  vpc_security_group_ids = [each.value]  user_data              = <<-EOF              #!/bin/bash              echo "Hello, World" > index.html              nohup busybox httpd -f -p 8080 &              EOF  tags = {    Name = "${var.name}-mywebapp-${each.key}"  }}resource "aws_security_group" "sg_ping" {  name   = "Allow Ping"  vpc_id = "vpc-0da931f5deb73c9e2"}resource "aws_security_group_rule" "allow_ping"  {     type = "ingress"     from_port = -1     to_port = -1     protocol = "icmp"     security_group_id = aws_security_group.sg_ping.id     source_security_group_id = aws_security_group.sg_8080.id}resource "aws_security_group" "sg_8080" {  name   = "Allow 8080"  vpc_id = "vpc-0da931f5deb73c9e2"}resource "aws_security_group_rule" "allow_8080" {     type = "ingress"     from_port = 8080     to_port = 8080     protocol = "tcp"     security_group_id = aws_security_group.sg_8080.id     source_security_group_id = aws_security_group.sg_ping.id}locals {  security_groups = {    sg_ping = aws_security_group.sg_ping.id,    sg_8080 = aws_security_group.sg_8080.id,  }}
Enter fullscreen modeExit fullscreen mode
  • Validate the configuration:
terraform validate
Enter fullscreen modeExit fullscreen mode
  • You should receive a success message stating the configuration is valid.

Image description

6. Deploy Your Resources

  • Create the Terraform plan
terraform plan
Enter fullscreen modeExit fullscreen mode

Image description

Image description

  • Create the resources
terraform apply
Enter fullscreen modeExit fullscreen mode
  • enter yes to confirm deployment

Image description

  • EC2 instances - rev-mywebapp-sg_8080 and rev-mywebapp-sg_ping

Image description

Cleanup

terraform destroy
Enter fullscreen modeExit fullscreen mode

Image description

What we have done so far

We have successfully fixed thecycle error and deployed our resources.

Top comments(0)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

Build On!

Would you like to become an AWS Community Builder? Learn more about the program and apply to join when applications are open next.

More fromAWS Community Builders

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account

[8]ページ先頭

©2009-2025 Movatter.jp